On 9/2/16, 12:09 , "openssl-users on behalf of Salz, Rich" <openssl-users-boun...@openssl.org on behalf of rs...@akamai.com> wrote:
I thought DSA was more secure than RSA? Granted, "I thought" is a newbie understanding. This is completely wrong. If you have a consistently good source of randomness (in my environment RDRAND counts as such), then DSA is fine, and in theory is stronger than RSA because it relies on a harder mathematical problem. If your source of randomness is questionable – DSA won’t be secure (as Rich said). Then of course there are the implementation issues – the randomness source may be available, but does the application use it correctly? (I hope that for OpenSSL the answer is “yes”, but I did not check, as I’m using RSA for work-related things, and ECC for fun. J) Suite B and its follow-up do not include DSA. RSA and ECC only, with a warning to stand by for PQC stuff. In summary: do what everybody else does – use RSA. J
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
